Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

everything is messed up

Started by sleepyfloyd , Oct 19 2004 09:34 PM

  • Please log in to reply

#1
sleepyfloyd
Posted 19 October 2004 - 09:34 PM

sleepyfloyd

    New Member

  • Member
  • Pip
  • 3 posts
My comp keeps reseting, I got the "blue screen of death" a couple times, homepage switches, webrebates, about:blank, crazy mouse, slow connect, "HSA" and just about everything else. I've ran AdAwareSE and Spybot. I also read through a hijackthis tutorial. I searched up to see which was bad and good, but i would feel better if one of you guys looked at it. I don't want to mess up my computer. Please reply as soon as you can. Sometimes i can't get online, because my comp will just reset as soon as it starts. i finaly got on now. i think i got all the neccessary programs: adawarese, spybot SD, aboutbuster, procexp.exe, CCleaner, plvx2cleaner, stinger, hsremove, fixblast, bhr.exe, and spywareblaster. I know i need to update to SP4 on windows..but everytime i try to update it resets.
sorry, i know im talkin alot, but this is just irritating, newayz, heres my hijackthis log:


Logfile of HijackThis v1.98.2
Scan saved at 9:58:53 PM, on 10/19/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\WINNT\System32\CTsvcCDA.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\wanmpsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\Program Files\Wireless-G USB Network Adapter\WLService.exe
D:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\CTHELPER.EXE
D:\WINNT\System32\RunDll32.exe
D:\WINNT\System32\pctspk.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\System32\tyepvzq.exe
D:\WINNT\System32\RUNDLL32.exe
D:\WINNT\System32\atmfd.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\Documents and Settings\Administrator\Application Data\beus.exe
D:\WINNT\System32\rundll32.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Office\FINDFAST.EXE
D:\WINNT\System32\olbactc.exe
D:\Program Files\Web_Rebates\WebRebates1.exe
D:\PROGRA~1\Winword\WINWORD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\My Documents\download\sleepyfloydsucka\clean\HijackThis.exe
D:\Documents and Settings\Administrator\Local Settings\Temp\autoruns.exe
D:\Program Files\Web_Rebates\WebRebates0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\system32\xrllb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINNT\system32\xrllb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINNT\mxTarget.dll
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - D:\WINNT\systb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - D:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SiS Tray] E:\VGA\SiS630&730\Utility\sistray.EXE
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [STOPzilla] "D:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s D:\WINNT\System32\kdpupd.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s D:\WINNT\System32\KDP7979.dll
O4 - HKLM\..\Run: [hrwyjkyxfxqp] D:\WINNT\System32\tyepvzq.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [b.exe] D:\documents and settings\administrator\local settings\temp\b.exe
O4 - HKLM\..\Run: [wl.exe] D:\documents and settings\administrator\local settings\temp\wl.exe
O4 - HKLM\..\Run: [Win Server Updt] D:\WINNT\wupdt.exe
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [olbactc] D:\WINNT\System32\olbactc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [atmfd] D:\WINNT\System32\atmfd.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Arll] D:\Documents and Settings\Administrator\Application Data\beus.exe
O4 - HKCU\..\Run: [Rsd] D:\WINNT\System32\w?nspool.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office Fast Start.lnk = D:\Program Files\Office\FASTBOOT.EXE
O4 - Startup: Microsoft Office Find Fast Indexer.lnk = D:\Program Files\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = D:\Program Files\Office\MSOFFICE.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...559c58055eaf1e3
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...40/QDow_AS2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.car-research.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9BCBD69-5893-4E28-A066-97EDA6BF309E}: NameServer = 151.164.1.7,151.164.1.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.car-research.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.car-research.com


any help would be appreciated.
  • 0

Advertisements

#2
needenalife
Posted 19 October 2004 - 10:06 PM

needenalife

    Visiting Staff

  • Retired Staff
  • 10 posts
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINNT\system32\xrllb.dll/sp.html#28129

tells us that you have an about:blank problem, hopefully this will take out that crud <_<

1. Download About:Buster from:

http://downloads.sub...AboutBuster.zip
Or here:
http://tools.zerosre...AboutBuster.zip
Unzip it to your desktop. It is VITAL that it be unzipped.
Please open/run the program and check for updates. After you update it exit. Do not run the actual scan/fix until instructed below.

2. Boot into Safe Mode - Hit the F8 key several times while booting, until you get a menu. Reboot to safe mode, explained here if needed:
http://service1.syma...001052409420406

3. Run About:Buster at least 3 or 4 times while you are in Safe Mode.

It will create a log in addition to cleaning your system. Post the about buster log and a fresh hijackthis log in your next reply.

Re-run AdwareSE while in safe mode.

Next:
Please run this free online scan for viruses.
http://www.pandasoft...cts/activescan/
Tell me if some files cannot be deleted

Then:
Start Hijackthis and place a check next to only these items.
Close all browser windows, even this one, and shut down all other programs (even folders) that show in the taskbar.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank


Post a fresh log and some feedback please. Also post your about:buster log.

Note: Make sure you post a new log, I highly doubt your computer will be fully clean yet, but it will be a great start :D

Edited by needenalife, 19 October 2004 - 10:07 PM.

  • 0

#3
sleepyfloyd
Posted 19 October 2004 - 11:35 PM

sleepyfloyd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the quick reply, i really appreciate it. i did everything you said. It took me like three tries to get into safe mode. It froze on my twice. I ran the about.buster four times. I ran the adwarese three times b/c it froze the first two times. After that i rebooted and tried to do that online active scan but it just reset my IE. Also, my comp rebooted on its own twice. I then got on hijack this and removed what you told me to remove. Another thing also happened. My internet explorer is now missing the whole toolbar. Its just the title bar. i don't know wuts up with that. It doesn't go to the blank page now, but everytime it goes to google (my homepage) it always asks to download that yahoo messenger. Newayz, heres my logs.


about.buster log:


Scanned at: 11:45:03 PM on: 10/19/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 3 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 4 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!



------------



Logfile of HijackThis v1.98.2
Scan saved at 12:24:57 AM, on 10/20/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\WINNT\System32\CTsvcCDA.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\wanmpsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\MsPMSPSv.exe
D:\Program Files\Wireless-G USB Network Adapter\WLService.exe
D:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\pctspk.exe
D:\PROGRA~1\Winword\WINWORD.EXE
D:\Documents and Settings\Administrator\My Documents\download\sleepyfloydsucka\clean\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINNT\system32\xrllb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - D:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINNT\System32\msconfig.exe /auto
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.car-research.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9BCBD69-5893-4E28-A066-97EDA6BF309E}: NameServer = 151.164.1.7,151.164.1.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.car-research.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.car-research.com




again i appreciate your help.
  • 0

#4
sleepyfloyd
Posted 21 October 2004 - 10:15 PM

sleepyfloyd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
which should i delete?
  • 0

#5
coachwife6
Posted 01 November 2004 - 12:20 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
SF:

Are you still having troubles?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP